Requesting certificates via Enroll on Behalf of (EOBO) is not possible because the certificate template is not displayed. The error message is "The certificate template requires too many RA signatures."

Assume the following scenario:

• A certificate is requested for a user or a computer from a certificate authority via the certificate management console (certlm.msc or certmgr.msc).
• One uses here the Enroll on Behalf of (EOBO) Mechanism.
• The desired certificate template is not displayed.
• If you check the "Show all templates" checkbox, the following error message will be displayed for the desired certificate template:

The certificate template requires too many RA signatures. Only one RA signature is allowed. Multiple request agent signatures are not permitted on a certificate request.

Cause

Do you know TameMyCerts? TameMyCerts is an add-on for the Microsoft certification authority (Active Directory Certificate Services). It extends the function of the certification authority and enables the Application of regulationsto realize the secure automation of certificate issuance. TameMyCerts is unique in the Microsoft ecosystem, has already proven itself in countless companies around the world and is available under a free license. It can downloaded via GitHub and can be used free of charge. Professional maintenance is also offered.

Occurs when the certificate template has too many or even no enrollment agents configured. Enroll on behald of requires exactly one signature.

This setting is configured in the Issuance Requirements tab.

Related links:

• Basics: Enroll on Behalf of (EOBO)